home/yazi , virgil/vfio

hosts/virgil/configuration.nix

@@ -23,7 +23,7 @@
     nameservers = ["127.0.0.1" "::1"];
   };
 
-  services.dnscrypt-proxy2 = {
+  services.dnscrypt-proxy = {
     enable = true;
     settings = {
       listen_addresses = ["127.0.0.1:53" "[::1]:53"];
@@ -66,7 +66,7 @@
   programs.virt-manager.enable = true;
   virtualisation.libvirtd = {
     enable = true;
-    qemuRunAsRoot = false;
+    qemu.runAsRoot = false;
     onBoot = "ignore";
     onShutdown = "shutdown";
   };
@@ -80,6 +80,7 @@
     #  wget
     git
     rose-pine-gtk-theme
+    virtiofsd
   ];
 
   # Some programs need SUID wrappers, can be configured further or are

hosts/virgil/vfio.nix

@@ -1,10 +1,67 @@
 {
   config,
   pkgs,
+  lib,
+  inputs,
   ...
 }: {
+
+
+  imports = [
+   inputs.nixos-vfio.nixosModules.vfio
+
+
+
+   
+   ];
+
+
+ 
   boot.kernelParams = ["amd_iommu=on"];
   boot.blacklistedKernelModules = ["nvidia" "nouveau"];
+  boot.extraModulePackages = [ config.boot.kernelPackages.kvmfr ];
   boot.kernelModules = ["vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio"];
   boot.extraModprobeConfig = "options vfio-pci ids=10de:2705,10de:22bb";
+
+  virtualisation.libvirtd = {
+    deviceACL = [
+      "/dev/kvm"
+      "/dev/kvmfr0"
+      "/dev/kvmfr1"
+      "/dev/kvmfr2"
+      "/dev/shm/scream"
+      "/dev/shm/looking-glass"
+      "/dev/null"
+      "/dev/full"
+      "/dev/zero"
+      "/dev/random"
+      "/dev/urandom"
+      "/dev/ptmx"
+      "/dev/kvm"
+      "/dev/kqemu"
+      "/dev/rtc"
+      "/dev/hpet"
+      "/dev/vfio/vfio"
+    ];
+  };
+  virtualisation.spiceUSBRedirection.enable = true;
+
+  virtualisation.vfio = {
+    enable = true;
+    IOMMUType = "amd";
+    devices = [
+      "10de:2705"
+      "10de:22bb"
+    ];
+  };
+  virtualisation.kvmfr = {
+    enable = true;
+    devices = lib.singleton {
+      size = 128;
+      permissions = {
+        user = "tulg";
+        mode = "0777";
+      };
+    };
+  };
 }